About Me

Hello, my name is Tom Cope and I am a Cyber Security Engineer! I currently work at ControlPlane as a Principal Consultant, previously working at a leading asset manager. Before that, I worked as the Chief Security Officer of NextDLP. I'm an ex-IBMer, originally joining the Apprenticeship program in 2012, I progressed to a Cloud Cyber Security Architect while studying part-time at Oxford University for a Master's Degree in Software and Systems Security.

I am an experienced Security Architect and Systems Engineer with a passion for designing, building and maintaining secure systems, processes, and teams. I have strong experience in both Cloud and containerised (Docker / Kubernetes) platforms while working in DevSecOps environments. I enjoy programming and electronics in my spare time - you can learn more in the “Projects” sections below. I have a keen interest in Security and Cryptography. I enjoy designing and building secure systems / software as well as performing security research on pre-existing systems / software. I am CISSP Certified as well as a Redhat Linux System Engineer. I use these skills extensively at work and for the support of this server which is used to host both myself, and a friend's projects (Server Status).

In my spare time, I am a STEM Ambassador and an Associational (MBCS) Member of the British Computer Society. I play games such as TF2, and Minecraft. Avid runner and enjoy a good game of Badminton. Also enjoy Skiing when I get the chance. Feel free to drop me a line on my LinkedIn, or check out my projects on GitHub or YouTube.

Blog posts

Some of my ramblings (RSS feed available ) :

Digital Detox

Some advise from my digital detox adventures

(Posted on 09 May 2025 · 4 min read)

BSides Birmingham 2025

Vising the first ever BSides Birmingham!

(Posted on 03 May 2025 · 1 min read)

DC4420

My first ever visit to DC4420 after its long hiatus!

(Posted on 29 April 2025 · 2 min read)

Microsoft Reactor Ai Driven Coding and Challenges

Learning about the sharp edges of building AI powered systems

(Posted on 23 April 2025 · 1 min read)

BSides Basingstoke mini meet

Hanging out with Cyber Security Peeps

(Posted on 11 April 2025 · 1 min read)

Even more posts

Projects

A selection of my favorite projects:

boTTom

Tom's Bot or Bot Tom - A Reliable Secure Simple Easy to Deploy Cross Platform Botnet

I've always had an interest in botnets, from Mirai to Emotet, this side project is my own botnet creation used to test out new ideas and learn more about what it takes to build a botnet, how they can be taken down and how to best approach them.

ssh_ws

Homegrown implementation of Google Beyond Corp security system (Zero Trust)

This is a demonstration of a proof of concept I built to tunnel ssh traffic over web-sockets using the same system Google uses (Zero Trust) to secure SSH access. It used JWT, mTLS and OAuth. I build both a client and server application to achieve this.

Even more projects

Exploits / CVEs

A list of exploits / CVEs I've found and responsibility disclosed:

IBM Datapower Exploit CVE-2020-5014

A walkthrough of CVE-2020-5014 - SSRF leading to RCE Exploit I discovered in IBM Datapower

(Posted on 21 October 2020 · 3 min read)

IBM HMC Exploit CVE-2021-29707

A walkthrough of CVE-2021-29707 - IBM HMC local restricted shell user to root

(Posted on 19 July 2021 · 6 min read)

Languages

I primarily write GO / Golang day to day and shell scripting. I have experience with the below languages:

Programming Languages

GO / Golang (preferred)
C++
C
Erlang
Bash/KSH
Javascript
PHP
Visual Basic
Java
C#
Arduino
Processing
Python
Perl
Powershell

Markup Languages

HTML5
CSS
LaTeX

Skills

I have dabbled in a few things:

Pentesting

Kali Linux
Wireshark
Burp Suite
OWASP ZAP
nmap
sqlmap
dirb
IDA Pro
Radara
strace/procmon
Metasploit Framework
JD-GUI
Hashcat
Aircrack
Bash Bunny
USB Rubber Ducky

Tools / Software

GIT
Docker
Kubernetes
Puppet
PKI / Encryption
Jira
Bitbucket
Zabbix
Elastic Search
Nginx
Forum Sentry
Entrust PKI
Wireshark
OpenSSL
GSKit
Jenkins
PostgreSQL
Systemd
Firewalld
Network Manager
GPG
Yubikey (2FA + UFA + Webauthn)
Postfix
Mosquitto(MQTT)
LDAP
vi/vim
Postfix
PAM
SSSD
Memcached
Gemalto SafeNet Luna Network HSM
OpenID Connect / OAuth / SAML
Keycloak
LetsEncrypt / Certbot / Boulder
FreeIPA
JWT / JWE / JWS
Hashicorp Vault
Terraform
Drone
PKCS11
Chisel
RabbitMQ
Gitlab

IBM Specific

Datapower
Security Directory Server
Security Access Manager
HTTP Server
Webseal
HMC
pSeries
MQ

Operating Systems

Redhat Linux (RHEL 6/7/8)
Centos
FreeBSD
Ubuntu
Debian
Kali Linux
Manjaro
IBM AIX
Windows Server 2012
Windows 10

Clouds

AWS (AWS Certified Solutions Architect - Associate)
Google (Google Cloud Associate Cloud Engineer [in-progress])

Qualifications

(ISC)2 CISSP Certiﬁed
AWS Certified Solutions Architect - Associate
Google Cloud Associate Cloud Engineer (in-progress)
Redhat Certiﬁed System Engineer (RHEL 7)
Redhat Certiﬁed System Administrator (RHEL 7)
CompTIA Security+
CREST Certiﬁed Infrastructure Pen Tester
CREST Certiﬁed Wireless Pen Tester